您在這裡

Drupal新手教學:如何設定Drupal資料夾權限

當大家使用linux系統之後一定會遇到一個問題:我的drupal權限該怎麼給?

最懶人也最不安全的作法就是整個drupal資料夾給最大權限,如果大家在本機測試開發姑且可以這樣,可是上到伺服器之後這樣做絕對是不安全的。

 

資料夾設定權限

step1:給web server write 權限讀寫settings.php並加入群組www-data

chgrp www-data sites/default/settings.php

chmod g+w sites/default/settings.php

step2:加入Apache群組-R整個資料夾-v詳細顯示哪些檔案做了更動

chgrp -Rv www-data sites/default/files

step3:更改files資料夾權限

# 2775的2意思是在此資料夾之後所新增檔案或目錄都擁有此權限

chmod 2775 sites/default/files

step4:確保你的web server有權限寫入

chmod g+w -R sites/default/files

step5:settings.php檔案權限更改為只能讀取

chmod 444 sites/default/settings.php

 

 

如果你知道每個資料夾的權限該怎麼給大可以這樣,如果你對linux不熟悉不如使用別人寫好的bash檔。

(以下以本機為例)

step1:建立一個bash檔命名fix-permissions.sh 放在/bin
cd /bin/
nano fix-permissions.sh

setp2:將腳本程式碼複製入檔案並存檔

#!/bin/bash
# Help menu
print_help() {
cat <<-HELP
This script is used to fix permissions of a Drupal installation
you need to provide the following arguments:
1) Path to your Drupal installation.
2) Username of the user that you want to give files/directories ownership.
3) HTTPD group name (defaults to www-data for Apache).
Usage: (sudo) bash ${0##*/} --drupal_path=PATH --drupal_user=USER --httpd_group=GROUP
Example: (sudo) bash ${0##*/} --drupal_path=/usr/local/apache2/htdocs --drupal_user=john --httpd_group=www-data
HELP
exit 0
}
if [ $(id -u) != 0 ]; then
  printf "**************************************\n"
  printf "* Error: You must run this with sudo. *\n"
  printf "**************************************\n"
  print_help
  exit 1
fi
drupal_path=${1%/}
drupal_user=${2}
httpd_group="${3:-www-data}"
# Parse Command Line Arguments
while [ $# -gt 0 ]; do
  case "$1" in
    --drupal_path=*)
      drupal_path="${1#*=}"
      ;;
    --drupal_user=*)
      drupal_user="${1#*=}"
      ;;
    --httpd_group=*)
      httpd_group="${1#*=}"
      ;;
    --help) print_help;;
    *)
      printf "***********************************************************\n"
      printf "* Error: Invalid argument, run --help for valid arguments. *\n"
      printf "***********************************************************\n"
      exit 1
  esac
  shift
done
if [ -z "${drupal_path}" ] || [ ! -d "${drupal_path}/sites" ] || [ ! -f "${drupal_path}/core/modules/system/system.module" ] && [ ! -f "${drupal_path}/modules/system/system.module" ]; then
  printf "*********************************************\n"
  printf "* Error: Please provide a valid Drupal path. *\n"
  printf "*********************************************\n"
  print_help
  exit 1
fi
if [ -z "${drupal_user}" ] || [[ $(id -un "${drupal_user}" 2> /dev/null) != "${drupal_user}" ]]; then
  printf "*************************************\n"
  printf "* Error: Please provide a valid user. *\n"
  printf "*************************************\n"
  print_help
  exit 1
fi
cd $drupal_path
printf "Changing ownership of all contents of "${drupal_path}":\n user => "${drupal_user}" \t group => "${httpd_group}"\n"
chown -R ${drupal_user}:${httpd_group} .
printf "Changing permissions of all directories inside "${drupal_path}" to "rwxr-x---"...\n"
find . -type d -exec chmod u=rwx,g=rx,o= '{}' \;
printf "Changing permissions of all files inside "${drupal_path}" to "rw-r-----"...\n"
find . -type f -exec chmod u=rw,g=r,o= '{}' \;
printf "Changing permissions of "files" directories in "${drupal_path}/sites" to "rwxrwx---"...\n"
cd sites
find . -type d -name files -exec chmod ug=rwx,o= '{}' \;
printf "Changing permissions of all files inside all "files" directories in "${drupal_path}/sites" to "rw-rw----"...\n"
printf "Changing permissions of all directories inside all "files" directories in "${drupal_path}/sites" to "rwxrwx---"...\n"
for x in ./*/files; do
    find ${x} -type d -exec chmod ug=rwx,o= '{}' \;
    find ${x} -type f -exec chmod ug=rw,o= '{}' \;
done
echo "Done setting proper permissions on files and directories"

 

step3:執行bash
sudo bash fix-permissions.sh --drupal_path=your/drupal/path --drupal_user=your_user_name

ps:要執行bash檔一定要在檔案的目錄底下

 

 

參考資料:

https://www.drupal.org/node/244924

http://drupal.stackexchange.com/questions/373/what-are-the-recommended-directory-permissions